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DETAILED ACTION 
Response to Arguments 

Applicant's arguments filed 09/25/06 have been fully considered but they are not 
persuasive because of following reasons. 

Applicant argued Alberg teaches away from the security functions being incorporated 
into the design of integrated development environment architecture. This is not found persuasive. 
The section quoted by the applicant enforces the need, to design software such that it has "precise 
design of system functions and structures so that the resulting software is secure against state-of- 
the-art threats and can be demonstrated to be secure using state-of-the-art technology such as 
formal verification/proof technology." The test for obviousness is not whether the features of a 
secondary reference may be bodily incorporated into the structure of the primary 
reference. . .Rather, the test is what the combined teachings of those references would be 
suggested to those of ordinary skill in the art. The objective of the system of Alberg is to 
develop a system that is a protector device for enhancing the security of a computer system 
(column 2 lines 46-50). Therefore the system of Alberg would be added to the system of 
Bowman- Amuah in such a way that it does not change the system but builds on the system, thus 
enhancing it. 
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Claim Rejections - 35 USC § 101 
35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

Claims 7 are directed to a method of designing security for an information technology 
system. The examiner asserts that the collection of information does not fall within the statutory 
classes listed in 35 USC 101 . Thus, while the claimed invention might be labeled as a 
device/method the steps described do not result in tangible subject matter. The final product of 
the steps recited in the claim seems to be a diagram to document security requirements that 
would be used to build a system. In order for a subject matter to be statutory, the claimed 
process must be limited to a practical application of the abstract idea. A claim is limited to a 
practical application when the method, as claimed produces a concrete, tangible and useful 
result; i.e., the method recites a step or act of producing something that is concrete, tangible, and 
useful. 

Claim Rejections - 35 USC § 112 
The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

Claim 7 is rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite for failing 
to particularly point out and distinctly claim the subject matter which applicant regards as the 
invention. 

Claim 7 recites the limitation: 
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"the security threats" in line 3; 
"the security properties" in line 4; 

"the plurality of security subsystems" in line 7. There is insufficient antecedent basis for 
these limitations in the claim. 



Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claim 7 and 10-16 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bowman-Amuah (6,405,364 Bl) in view of Alsberg (4,672,572). 

In reference to claim 7, Bowman-Amuah discloses a system and method for building 
systems in a development architecture framework wherein security is integrated into the solution 
(abstract and fig. 2), the steps of the method comprising: identifying the security threats to the 
system (column 18 lines 30-36); determining the security properties within a reference model 
(column 49 line 66 to column 50 lines 53), Bowman-Amuah lists the properties provided by the 
components of the overall security solution; assigning functional details of the plurality of 
security subsystems to an infrastructure, a plurality of components, and a plurality of operations 
of the system (column 124 lines 33-35), since the system requires security through out the 
system and therefore security properties need to be embedded in components of the solution; 
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enumerating security requirements for infrastructure, components and operations (column 50 line 
54 to column 51 lines 14); developing integrity requirements (column 18 lines 32-36). 

Although Bowman- Amuah does not disclose creating a functional technology diagram, 
Bowman- Amuah does disclose documenting the process (column 17 lines 64-67), which 
performs the function of the functional technology diagram. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use the functional technology diagrams. One of ordinary skill in the art would 
have been motivated to do this because functional requirement diagrams capture the intended 
behavior of the system as shown in the documentation of the process that indicates the intended 
behavior; information that can later be used for testing. 

Bowman- Amuah does not expressly disclose the security subsystem that includes an 
audit subsystem, an integrity subsystem, and an information flow control subsystem. 

Alsberg discloses a protector device for enhancing security (abstract). The system 
includes an audit subsystem (column 6 lines 33-65), an integrity subsystem (column 7 lines 1- 
10), and an information flow control subsystem (column 8 lines 13-63). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to include audit subsystem, integrity subsystems, and information flow control 
subsystems as in Alsberg in the system of Bowman- Amuah. One of ordinary skill in the art 
would have been motivated to do this because auditing potentially sensitive material, integrity 
subsystems, and controlling the information flow would increase the security of the system. 

Bowman- Amuah discloses a system and method for building systems in a development 
architecture framework wherein security is integrated into the solution; however the security 
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framework of Bowman- Amuah does not disclose using a baseline of a security model 
comprising a plurality of interrelated and interdependent security subsystems. 

Perona discloses a system that performs rule checks in a two-way manner, restrictions 
such as licensing and source restrictions may be placed not only on system modules, but also on 
the applications using the security to be achieved (abstract). Therefore the modules of Perona 
include security properties in terms of a plurality of interconnected and interdependent security 
subsystems (column 4 lines 20-58 in combination of column Fig. 5). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to create a plurality of interconnected and interdependent security subsystems as in 
Perona in the system of Bowman- Amuah. One of ordinary skill in the art would have been 
motivated to do this because it would enable higher levels of security. 

In reference to claims 11-12, wherein the system further provides integrity assurance 
requirements using a standard set of criteria. 

Alsberg discloses the integrity subsystem providing integrity requirement (part 76 Fig. 5) 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to provide the integrity requirements as in Alsberg in the system of Bowman- 
Amuah. One of ordinary skill in the art would have been motivated to do this because the audit 
subsystem gives a view of the system which allows the system to be analyzed and changed to 
make it more secure. 

In reference to claim 10, wherein the method further includes the step of documenting the 
solution environment and security assumptions and using the environment and security 
assumptions in developing the security properties of the overall solution (column 17 lines 64-67). 
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In reference to claim 13 wherein the step of determining the security properties of the 
overall solution includes the step of using the Common Criteria of ISO Standard 15408. 

Although Bowman-Amuah discloses the use of standards, Bowman- Amuah does not 
expressly disclose the use of industrial standards. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use industrial standards. One of ordinary skill in the art would have been 
motivated to do this because it would make the device compatible with other devices in the 
industry. 

In reference to claims 14-15 wherein the step of using industry standard security criteria 
includes the step of using Common Criteria, which conforms to ISO Standard 15408. 

Although Bowman-Amuah discloses the use of standards, Bowman-Amuah does not 
expressly disclose the use of industrial standards. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use industrial standards. One of ordinary skill in the art would have been 
motivated to do this because it would make the device compatible with other devices in the 
industry. 

In reference to claim 16, wherein the step of enumerating security requirements for 
infrastructure components and operations includes the step of identifying, enumerating and 
describing a number of standard security subsystems that in total represent the security function 
of the solution (column 49 line 66 to column 50 lines 53). 



Application/Control Number: 09/838,749 Page 8 

Art Unit: 2135 

Claims 8-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over Bowman- 
Amuah in view of Alsberg as applied to claim 7 above, and further in view of Leighton et al 
(5,519,778). 

In reference to claim 8, Bowman- Amuah does not disclose ranking the security threats to 
the solution and considering the biggest threats to the security. 

Leighton discloses categorizing (ranking) the security levels and therefore threats 
(column 6 lines 36-45). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to categorize the security levels as in Leighton in the system of Bowman- Amuah. 
One of ordinary skill in the art would have been motivated to do this because increasing security 
can reduce the performance of the system therefore by using less security for threats that are 
considered lower security increases in performance can be achieved. 

In reference to claim 9, Bowman- Amuah does not disclose the step of ranking the 
security threats to the solution includes the jstep of doing less for security threats not considered 
substantial threats to the solution. 

Leighton discloses a hierarchy of security protection and therefore grading security needs 
(column 6 lines 37-67) 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to categorize the security levels as in Leighton in the system of Bowman- Amuah. 
One of ordinary skill in the art would have been motivated to do this because increasing security 
can reduce the performance of the system therefore by using less security for threats that are 
considered lower security increases in performance can be achieved. 
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A llowable Subject Matter 

Claims 1-6 are allowed. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

Jablon 5,421,006 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W. Klimach whose telephone number is (571) 272-3854. 
The examiner can normally be reached on Mon to Thr 9:30 a.m to 5:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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The 2100 Tech center will move to Carlyle in October 2004. The new telephone number 
for the receptionist is (571) 272-2100. The examiner's new telephone number will be (571) 272- 
3854. 



PWK 

Friday, October 13,2006 



